Add config option for X.509/TLS to use PSA
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index a41277f..0a6f4bf 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -644,6 +644,10 @@
#endif
#undef MBEDTLS_THREADING_IMPL
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#error "MBEDTLS_USE_PSA_CRYPTO defined, but not all prerequisites"
+#endif
+
#if defined(MBEDTLS_VERSION_FEATURES) && !defined(MBEDTLS_VERSION_C)
#error "MBEDTLS_VERSION_FEATURES defined, but not all prerequisites"
#endif
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 0242bd8..1017a90 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1583,6 +1583,20 @@
//#define MBEDTLS_THREADING_PTHREAD
/**
+ * \def MBEDTLS_USE_PSA_CRYPTO
+ *
+ * Make the X.509 and TLS library use PSA for cryptographic operations, see
+ * #MBEDTLS_PSA_CRYPTO_C.
+ *
+ * Note: this option is still in progress, the full X.509 and TLS modules are
+ * not covered yet, but parts that are not ported to PSA yet will still work
+ * as usual, so enabling this option should not break backwards compatibility.
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C.
+ */
+//#define MBEDTLS_USE_PSA_CRYPTO
+
+/**
* \def MBEDTLS_VERSION_FEATURES
*
* Allow run-time checking of compile-time enabled features. Thus allowing users
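Review bot: The new documentation for MBEDTLS_USE_PSA_CRYPTO does not say what an application must do differently once the option is enabled. It states that enabling it "should not break backwards compatibility", but code routed through PSA normally needs the PSA subsystem initialised with psa_crypto_init() before the first X.509 or TLS call. Whether that already applies to the parts ported so far is not visible in this hunk, so it should be confirmed before wording the note. I would add a line such as ` * Note: applications must call psa_crypto_init() before using any X.509 or TLS function when this option is enabled.` and name the operations that currently go through PSA, so integrators know which keys and algorithms are affected. The MBEDTLS_VERSION_FEATURES comment that follows continues outside the hunk.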
diff --git a/library/version_features.c b/library/version_features.c
index 53cf0a5..e2e9949 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -513,6 +513,9 @@
#if defined(MBEDTLS_THREADING_PTHREAD)
"MBEDTLS_THREADING_PTHREAD",
#endif /* MBEDTLS_THREADING_PTHREAD */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ "MBEDTLS_USE_PSA_CRYPTO",
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_VERSION_FEATURES)
"MBEDTLS_VERSION_FEATURES",
#endif /* MBEDTLS_VERSION_FEATURES */
diff --git a/scripts/config.pl b/scripts/config.pl
index 085fc2c..833b6d3 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -37,6 +37,8 @@
# - this could be enabled if the respective tests were adapted
# MBEDTLS_ZLIB_SUPPORT
# MBEDTLS_PKCS11_C
+# MBEDTLS_USE_PSA_CRYPTO
+# - experimental, and more an alternative implementation than a feature
# and any symbol beginning _ALT
#
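Review bot: The header comment documents only MBEDTLS_USE_PSA_CRYPTO, while the exclusion list in the next hunk also gains MBEDTLS_PSA_CRYPTO_SPM. The commit title does not mention that second symbol either, so a reader of the comment cannot tell why it is excluded. I would add a matching entry here, for example `# MBEDTLS_PSA_CRYPTO_SPM` followed by a one-line reason in the style of the lines above. If it belongs to a separate change, split it out of this commit instead.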
@@ -98,6 +100,8 @@
MBEDTLS_PKCS11_C
MBEDTLS_NO_UDBL_DIVISION
MBEDTLS_NO_64BIT_MULTIPLICATION
+MBEDTLS_PSA_CRYPTO_SPM
+MBEDTLS_USE_PSA_CRYPTO
_ALT\s*$
);
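Review bot: Adding MBEDTLS_USE_PSA_CRYPTO to this list means the PSA-backed X.509/TLS paths are never built or tested by anything that relies on the full configuration, assuming this list is what the full target leaves disabled. For an option that swaps the crypto backend under certificate verification and the TLS handshake, that leaves the new code paths without regular coverage. I would keep the exclusion but add a dedicated test configuration that enables MBEDTLS_PSA_CRYPTO_C together with MBEDTLS_USE_PSA_CRYPTO, and point to it from the comment, e.g. `#   - experimental; exercised by a separate PSA test build`.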